View Single Post
Old 09-29-2009, 07:16 AM  
bigstar
FlashFXP Developer
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

MxxCon knows security and FlashFXP very well. He's been a beta tester for us for as long as we've had beta testers.

All popular software can be a target for malware, especially those that store site information.

One of the first things I added to protect our customers was Application Password Protection, by enabling this you are prompted for the password each time you start FlashFXP, this password isn't stored anywhere and your data files are encrypted with strong encryption, if you lose or forget the password there is no way to recover it other than a brute force attack. For some customers it can be somewhat inconvenient to enter the password each time you start FlashFXP but if you want real protection then you need to accept the fact that a password needs to be entered each time you start FlashFXP. Otherwise your security isn't guaranteed.

To enable Application Password Protection
Main Menu > Sites > Security > Set Password

I've thought about changing the scrambling method used in the sites.dat since we've used the same method for years but by changing it only gives a false sense of security. I've also looked into encrypting the data files with a generic key but again, this is just false sense of security and that's why we don't do it.
bigstar is offline